New Rapidly Spreading Botnet Mining Monero

A new Android botnet built to mine cryptocurrency has been discovered.

The Chinese security firm Netlab has discovered a new Android botnet that is rapidly spreading across China. The malware spreads through port 5555, which is normally closed unless it has been opened by the developer tool Android Debug Bridge (ADB). One would think that the number of devices with ADB enabled would be small; however, this botnet is spreading fast.

This malware exhibits wormlike behavior, and may owe some of this ability to the previous Mirai infection. After infecting a device, the malware immediately scans for more devices with port 5555 open. Netlab believes up to 5,000 devices have been infected within 24 hours, primarily in China and South Korea. Most of the infected devices are Android smartphones or Android-powered TV boxes. The firm is not releasing device model information, as it doesn't believe the exposure is caused by any vendor settings. Instead, it would be the result of users turning on ADB.
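The scan-after-infection behavior described above can be spotted in network flow data. The following is an added example, not Netlab's code or part of the original article; the flow-record format, the thresholds and the sample IP addresses are constructed assumptions.

```python
from collections import defaultdict

ADB_PORT = 5555        # port named in the article
FANOUT_THRESHOLD = 5   # assumption: distinct targets that count as scanning
WINDOW_SECONDS = 60    # assumption: sliding window for the fan-out count

# Constructed sample flows: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = (
    [(100, "203.0.113.7", "192.168.1.20", 5555)]   # inbound ADB to a TV box
    # The TV box then probes six neighbours on 5555 within seconds.
    + [(130 + i, "192.168.1.20", f"192.168.1.{21 + i}", 5555) for i in range(6)]
    # Developer workstation debugging one device: not a scan.
    + [(200, "192.168.1.5", "192.168.1.30", 5555),
       (260, "192.168.1.5", "192.168.1.30", 5555)]
    # Five targets, but spread far outside the window: not flagged.
    + [(1000 * (i + 1), "192.168.1.40", f"192.168.1.{50 + i}", 5555)
       for i in range(5)]
    + [(300, "192.168.1.20", "198.51.100.9", 443)]  # unrelated traffic
)

def find_adb_scanners(flows, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return hosts that contact many distinct peers on the ADB port in a
    short window, and whether each was itself reached on that port first."""
    first_inbound = {}            # host -> time it was first contacted on 5555
    outbound = defaultdict(list)  # host -> [(time, target)], in time order
    for ts, src, dst, dport in sorted(flows):
        if dport != ADB_PORT:
            continue
        first_inbound.setdefault(dst, ts)
        outbound[src].append((ts, dst))

    findings = {}
    for src, events in outbound.items():
        start, best = 0, 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= threshold:
            hit = first_inbound.get(src)
            findings[src] = {
                "targets": best,
                # True when the host received ADB traffic before it began probing.
                "inbound_adb_first": hit is not None and hit < events[0][0],
            }
    return findings

if __name__ == "__main__":
    print(find_adb_scanners(SAMPLE_FLOWS))
```

A host flagged with `inbound_adb_first` set matches the pattern in the article: it was reached on port 5555 and then began probing other devices on the same port.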

The botnet is being used to mine the cryptocurrency Monero, and so far it doesn't seem to be doing it very well. At the time of discovery, the infection had mined $3 worth of Monero, which had not been paid out.